diff options
| author | Mario <mario@mariovavti.com> | 2023-03-08 10:04:29 +0000 |
|---|---|---|
| committer | Mario <mario@mariovavti.com> | 2023-03-08 10:04:29 +0000 |
| commit | 234bb6425021b72f0db71667191b2c36dc593791 (patch) | |
| tree | 2966d68516cebae70d4a75aace9962a809532339 /include | |
| parent | d43a56614cd93982d19f4f82aae6e62f9ca533a9 (diff) | |
| download | volse-hubzilla-234bb6425021b72f0db71667191b2c36dc593791.tar.gz volse-hubzilla-234bb6425021b72f0db71667191b2c36dc593791.tar.bz2 volse-hubzilla-234bb6425021b72f0db71667191b2c36dc593791.zip | |
port totp mfa from streams with some adjustions
Diffstat (limited to 'include')
| -rw-r--r-- | include/auth.php | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/include/auth.php b/include/auth.php index 125aedffd..de515489a 100644 --- a/include/auth.php +++ b/include/auth.php @@ -10,6 +10,7 @@ */ use Zotlabs\Lib\Libzot; +use Zotlabs\Lib\AConfig; require_once('include/api_auth.php'); require_once('include/security.php'); @@ -263,8 +264,16 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) && App::$session->extend_cookie(); $login_refresh = true; } + + $multiFactor = AConfig::Get(App::$account['account_id'], 'system', 'mfa_enabled'); + if ($multiFactor && empty($_SESSION['2FA_VERIFIED']) && App::$module !== 'totp_check') { + $o = new Zotlabs\Module\Totp_check; + echo $o->get(true); + killme(); + } + $ch = (($_SESSION['uid']) ? channelx_by_n($_SESSION['uid']) : null); - authenticate_success($r[0], null, $ch, false, false, $login_refresh); + authenticate_success($r[0], $ch, false, false, $login_refresh); } else { $_SESSION['account_id'] = 0; |